Mobile Threat Monday: Stealthy Spy Android App Goes Open Source

This week, Malwarebytes points us to a malicious app which can add remote administration toolkit functionality to existing applications. What sets Dendroid apart from similar apps is its extensive list of features which lets it exploit Android devices.


Malwarebytes calls this malicious app Android/Trojan.Spy.Dendroid.

Dendroid

Dendroid consists of a Web-based administration panel and a builder that makes it easy to inject Dendroid into existing apps. One way Dendroid can sneak past users and infect devices is by pretending to be a parental control tool, since this category of apps requires privileges similar to those of the RAT, such as accessing GPS coordinates and checking installed apps.

This app was previously sold in underground forums for $300. Now the source code is available as open source on GitHub, putting it within reach of a larger malware-writing audience. With the code available for free and in an easy-to-search location, even the most novice malware author can easily use Dendroid and spread the resulting malicious apps.

There is a "huge potential" for cloned apps infected with Dendroid, Malwarebytes said.

What's It Doing?

Dendroid can intercept and block SMS messages, surreptitiously record audio, video, and calls, forward contact information, and more. Dendroid also connects with a command-and-control server to forward captured data and receive commands to execute on the infected device. Dendroid can also send SMS messages to premium-rate numbers without the user being aware of what is happening.

Dendroid can secretly record all of your phone calls or silently listen in on your phone's microphone. The malware can also turn on your camera and take pictures, and then upload the pictures. Consider if your phone is listening in on a meeting or a brainstorming session and recording all the information being shared.

Staying Safe

According to Malwarebytes, the source code is available on GitHub, which means anyone can use the code to write booby-trapped apps. A lot of the resulting malicious apps will show up on third-party app stores, but we can't rule out the possibility of Dendroid-laden apps sneaking into legitimate app stores. As Malwarebytes noted, researchers found Dendroid in the Play Store shortly after discovering the source code on underground forums back in February.
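One way to triage an app for the capability set described above, as an added example that is not from the original article or from Malwarebytes: it reads a manifest already decoded to text XML (for instance by apktool) and flags apps that combine most of those capabilities with network access. The capability-to-permission mapping, the threshold, and the sample manifests are assumptions constructed for illustration, not values taken from Dendroid.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability named in the article -> standard Android permission it needs.
# Assumption: this mapping follows the platform's permission model; it is
# not a list taken from Dendroid's own manifest.
CAPABILITIES = {
    "intercept SMS": "android.permission.RECEIVE_SMS",
    "send SMS (premium-rate risk)": "android.permission.SEND_SMS",
    "record audio/calls": "android.permission.RECORD_AUDIO",
    "take pictures/video": "android.permission.CAMERA",
    "read contacts": "android.permission.READ_CONTACTS",
    "GPS location": "android.permission.ACCESS_FINE_LOCATION",
    "reach a remote server": "android.permission.INTERNET",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    tags = {"uses-permission", "uses-permission-sdk-23"}
    return {el.get(ANDROID_NS + "name") for el in root.iter() if el.tag in tags} - {None}

def triage(manifest_xml, threshold=5):
    """List matched capabilities and flag the app for manual review."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(cap for cap, perm in CAPABILITIES.items() if perm in perms)
    can_exfiltrate = CAPABILITIES["reach a remote server"] in perms
    # A flag means "review this app", not "this is malware": a genuine
    # parental control tool requests much the same set, as the article notes.
    return {"capabilities": hits, "flag": can_exfiltrate and len(hits) >= threshold}

def _manifest(package, names):
    """Build a constructed sample manifest (not a real app's manifest)."""
    uses = "".join('<uses-permission android:name="android.permission.%s"/>' % n for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

SAMPLE_CLONE = _manifest("com.example.parentalcontrol", [
    "INTERNET", "RECEIVE_SMS", "SEND_SMS", "RECORD_AUDIO",
    "CAMERA", "READ_CONTACTS", "ACCESS_FINE_LOCATION"])
SAMPLE_FLASHLIGHT = _manifest("com.example.flashlight", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    for name, sample in (("clone", SAMPLE_CLONE), ("flashlight", SAMPLE_FLASHLIGHT)):
        print(name, triage(sample))
```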

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Internet infrastructure, and open source.